this post was submitted on 20 Sep 2024
25 points (90.3% liked)

Selfhosted

40226 readers
1130 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm setting up a self-hosted stack with a bunch of services running on a home device. I'm also tunneling all the traffic through a VPS in order to expose the services without exposing my home IP or opening ports on my local network. Currently all my traffic is HTTP, and its path looks like this:

  • Caddy proxy on remote VPS (HTTPS, :80 & :443)
  • Wireguard tunnel
  • Caddy proxy in Docker on homeserver (HTTP, :80)
  • app containers in separate isolated subnets, shared with Caddy

I want to set up qBittorrent and other torrent apps, and I want all their traffic to pass through the proxies. Proxying traffic to the WebUI is easy, there's plenty of tutorials; what I'm struggling with is proxying the torrent leeching and seeding traffic, which is the most important part since I live in a country that's not cool with piracy.

Unless I'm misunderstanding, BitTorrent traffic is TCP or UDP, so I'd need Caddy to act as a Layer 4 proxy. There's a community-maintained plugin that should support this. How would I configure it though? Do I need both instances to listen on a new port? Or can I open a new port on the VPS only, and forward traffic to the homeserver Caddy over the same port as the HTTP traffic (:80)? Are there nuances in proxying TCP traffic that I should be aware of?

you are viewing a single comment's thread
view the rest of the comments
[–] HappyTimeHarry@lemm.ee 4 points 1 month ago* (last edited 1 month ago) (1 children)

What you describe doesnt really make sense so ill suggest what i think you really want;

You want your vps to be the wireguard server, the local PC connects as a client this "proxies" your connection so torrent swarms see the IP of your vps.

If you want port forwarding it gets a bit complicated because you need to forward the vps port over wireguard, but this is optional so you dont have to worry if you can't figure it out.

Caddy doesn't really seem relevant unless you want to have a domain name that forwards to your home network.

[–] andscape@feddit.it 1 points 1 month ago

I indeed have a domain name pointing to the VPS IP, with Caddy managing TLS. Other apps are exposed this way, and I will do the same for the qBittorrent WebUI as well. I like having Caddy as a single gateway where I can apply security configs and monitor all traffic, I was hoping I would be able to pass torrent traffic through it as well but everybody seems very much against it.

I already have wireguard setup as you describe so I guess I'll just give up on passing torrent traffic through the proxies and just open a localhost port on the qBittorrent container...